Vulnerabilities
Vulnerable Software
SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-09-12
SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-09-12
Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.
CVSS Score
7.5
EPSS Score
0.193
Published
2022-03-17
Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-03-17
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-03-17
Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-03-17
There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-08-06


Contact Us

Shodan ® - All rights reserved